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I. INTRODUCTION 

This report contains the Reliability Availability Maintainability (RAM) analysis 
of the earthmover automatic blade control system developed by the Civil Engineering 
Laboratory (CEL), Port Hueneme, California, 93043. The system is described in the 
Society of Automotive Engineers Paper No. 750765: Automatic and Adaptive Controls 
for Construction Equipment, Carter J. Ward, 1975. 

A. PURPOSE 

The purpose of the analysis is to investigate the RAM aspects (i.e. 
characteristics) of the earthmover automatic blade control system and prepare 
a plan to validate the Mean-Time-Between-Failures (MTBF) of the complete 
system (i.e. blade elevation and tilt angle controls, including the necessary 
hydraulic circuitry). 

B. SCOPE 

The RAM analysis encompassed reading, studying and learning the functional 
operation of the earthmover automatic blade control system. The following 
documents were used for this purpose. 

(1) Blade elevation control hydraulic circuit diagram. (Located in 
Appendix C.) 

(2) Blade tilt control electrical and hydraulic circuit diagram. (Located 
in Appendix C.) 

(3) Society of Automotive Engineers Paper No. 750765: Automatic and Adaptive 
Controls for Construction Equipment, by Carter J. Ward, 1975. 

(SAE Transactions VOL. 04, 1975) 

(4) Society of Automotive Engineers Paper No. 770551: Field Trials of 
Laser Surveying and of Experimental Earthmover Blade Control Kit, by Carter 
J. Ward and Preston S. Springton, April 1977. 

(5) Hydraulic Control Designs for Retrofitting to Mobile Equipment by: 
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Dr. Carter J. Ward, Paper Number 4.3, Presented at the Mobile Hydraulic 
Design Symposium 13-15 May 1980. 


Numerous conversations with CEL scientists and engineers and Spectra-Physics 
engineers provided additional information. 

RAM textbooks, and current military standards and specifications were 
researched to provide the latest state-of-the-art techniques/methods in per¬ 
forming Failures Modes and Effects Analysis (FMEA), part stress analysis for 
operation and storage and developing Reliability Block Diagrams. 
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II. RAM 


A. SUMMARY 

Based upon a part stress analysis prediction, the reliability for the 
earthmover automatic blade control system is: 



MTBF 

(Hours) 

Failure Rate 

Per 10° Hours 

Reliablity 
Per Day 

Reliability 
For 30 Days 

Elevation Control 

1050.9 

951.6 

0.9811 

0.5649 

Tilt Control 

8576.3 

116.6 

0.9977 

0.9323 

Both Elevation and 

936.2 

1068.2 

0.9788 

0.5266 


Tilt 

Design of new systems/equipment normally require an operational avail¬ 
ability (Ao) of between 0.90 and 0.95 with 0.95 being the goal and 0.90 the 
threshold (i.e. minimum acceptable). Ao can be expressed mathematically as: 

Ao* = MTBM + ready time 

MTBM + ready time + MDT 

* Maintainability, Blanchard & Lowery McGraw-Hill Inc. 1969 
where: 

MTBM - Mean Time Between Maintenance includes both preventive 
and corrective maintenance. 

Ready Time - includes the time the system/equipment is ready 
for use, but is not being operated. 

MDT - Mean Downtime - Total time during which a system/ 

equipment is not in condition to perform 
its intended function (includes time to 
repair, logistics and administrative 
delays). 

For purposes of evaluating the Ao of the earthmover automatic blade 
control system, it is assumed that there will be no preventive maintenance 
required although there has been four hours allocated in the operational life 
profile. MTBM becomes Mean Time Between Failures (MTBF). The Operation Life 
Profile indicates a mission time of 20 hours with four hours available for 
scheduled (preventive) maintenance. With this type of mission and the inherent 
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high reliability, it was concluded that ready time would have very little 
influence and, therefore, will not be included. Therefore, the Ao expression 
becomes: 


Ao = MTBF 

mtbF^mdt 

For a Ao * 0.95 and MTBF = 936.2, the MDT for the blade control system 
is 49.27 hours. With proper logistics support (i.e. number of spares being 
readily available) the design of the blade control system should meet the Ao 
goal requirement of 0.95. It should be noted that the laser transmitter and 
receiver constitutes 85.9% of the total failure rate and both of these units 
can be easily replaced within 30 minutes. It is also estimated that the remain¬ 
ing 14.1% of the failures (i.e. by replacement) would not take longer than 
two hours. The composite of these two times equates to approximately 43 
minutes which is well within the one hour allocated in the Operational Life 
Profile. To ensure meeting this Ao, an initial spare parts compliment should 
consist of at least one spare for every replaceable component with two spare 
laser transmitters and receivers for every 600 hours of operations. 

It should be emphasized that these values are all predicted and that a 
test should be conducted to ensure a reliability design. It is recommended 
that the test duration be 936 hours in length with no failures requiring more 
than one hour MDT for each 24 hour time period. 

Deep storage reliability for two years is 0.9737. 

B. TECHNICAL APPROACH 

The automatic blade control (both blade elevation and tilt) schematics 
and descriptions listed in the Scope were studied. A functional block diagram 
was developed and used to provide the basis for all subsequent RAM analyses. 

The automatic blade control system is illustrated schematically in Figure 1. 










Figure 1 - Automatic Blade Control System Schematic 


A reliability block diagram was developed from the functional block 
diagram using the guidance delineated in MIL-HDBK-217C, Appendix A. 

A FMEA was performed on both blade elevation and tilt controls using the 
guidance of MIL~STD-1629. 

A prediction (i.e. part stress analysis) was conducted on both the 
elevation and tilt controls using MIL-HDBK-217C and RADC TR-75-22 for 
operation. 

Test requirements were determined using MIL-STD-471A and MIL-STD-781C as 
guidance. 

The following paragraphs provide the detailed description and techniques/ 
methods of each of the analysis performed and subsequent results. 
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1. Functional Block Diagram 

A functional block diagram was developed from the references 
listed in the Scope. The functional block diagram for the earthmover 
automatic blade control system is shown in Figure 2. The following 
provides a description of the operation of the automatic blade control 
system. 


HYDRAULIC 



RESERVOIR 


Figure 2 - Functional Block Diagram 
Automatic Blade Control System 
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The rotating laser beam transmitter mounted on a tripod, with power 
supplied from an auxiliary 12V battery, establishes the elevation refer¬ 
ence. A receiver mounted on the earthmover monitors the elevation of the 
blade. The receiver consists of 32 photocells, 4 banks of 8 photocells, 
each 90 degrees apart. The photocells work in pairs indicating whether 
the blade is below, at grade or above grade. Current generated by the 
pair of photocells is processed through a current to voltage amplifier. 

This amplifier signal is again amplified in the pre-amplifier located 
in the base of the mast. The signal is then processed by the main amplifier, 
which provides sufficient drive to operate the solenoid-actuated open- 
center valves, which controls the blade elevation cylinders. The hydraulic 
portion of the control is plumbed directly into the machine's existing 
hydraulic loop. The machine's pump is used to power the unit. The 
accumulator serves two purposes; reduce pressure shocks in the system and 
divide the flow input. The variable flow throttle valves inserted in the 
actuator lines help divide the flow between the accumulator and blade 
actuator. They restrict the flow of fluid into the actuator circuit 
and,as a result, play a role in how much fluid goes into the accumulator. 

The check valve pressurizes the line to ensure adequate pressure to actuate 
the solenoids. Power for the receiver, pre-amplifier and amplifier are 
provided from the machine's batteries. 

The blade tile control system consists of a tilt angle sensor, amplifier, 
solenoid valve, and adjustable flow restrictor. The tilt angle sensor 
consists of a manometer tube made of glass and stainless steel, closed 
to eliminate fluid evaporation and contamination. A schematic of the angle 
sensor is shown in Figure 3. 
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Figure 3 - Angle Sensor Schematic 

The angle is sensed mechanically by the difference in float elevations 
supported by the fluid, and detected electrically by two photoelectric 
cells powered by the light source centered between them. Tilting of the 
sensor causes the floats to partially cover one photocell and uncover the 
other, generating a signal whose polarity indicates the direction and 
amount of tilt. The signal is then processed by an amplifier, which pro¬ 
vides sufficient drive to operate the solenoid activated open-center valve, 
which controls the blade tilt cylinder. 


8 









A reliability block diagram was developed from the functional block diaqram 
and the guidance delineated in MIL-HDBK-217C Appendix A, The earthmover automatic 
blade control system is shown in Figure 4. 

A prerequisite for developing the system level reliability block diagram is 
understanding the definition of the earthmover automatic blade control system as 
related to the definitions of reliability. 

System reliability is defined as the probability of performing a specified 
function or mission under specified conditions for a specified time. 

The reliability block diagram is a pictorial form of a statement of what is 
required for mission success. It provides the series and parallel paths depicting 
the equipment required for success. 

An understanding of the operations, use and constraints of the automatic blade 
control system was acquired from developing the functional block diagram and 
supporting system description. It was determined for both elevation and angle 
controls that all the equipment (i.e. assemblies, units, components) for each control 
would be required for system success. There is some redundancy in the elevation 
control with the laser receiver and the four banks of eight (8) photocells, but the 
operation would be greatly reduced, therefore it was concluded that all four (4) 
banks would be required. Since all the equipment for each control system is required 
a series block diagram resulted. 

The next step is to develop the reliability model (i.e. mathematical represen¬ 
tation of the reliability block diagram). 

Since all equipment is in series, the probability of system success for each 
control system is equal to the product of the probability of success for each of 
the individual equipment. Since reliability is a probability of success, the 
reliability for each block is determined and multiplied. The reliability for each 
block is determined from the expression; 









ELEVATION CONTROL 



R - • - X t 


X- ZX'J -951.6 FAILURES/ 10 6 HOURS 


R(20 HOURS) . e - <951.6X201(10*^) - 0.9811 

R(600 HOURS) - • • (961.6X600)11 O' 6 ) * 0.5649 


ANGLE CONTROL 



R- *• X t 
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#- (116.7M20H10' 6 ) -0.9977 
a • (116.7)(600H10' 6 ) -0.9323 


























R = e-At (At is an exponent) 


0) 


where 

R = reliability (expressed as a decimal) 
e = base of naperian log system (2.718) 

A = lambda or failure rate (normally expressed in failures/10 
t = mission time (normally expressed in hours) 

The expressions for probability of success for elevation control 
Pec = R ] R 2 R 3 R 4 R 5 R g R 7 R g R g R-jg R^ R-j 2 
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where Pec - probability of mission success 

R 1 " R 12 " ^liability of each block 

The expression for probability of success for angle control is; 

Ptc = R-| R 2 R g R^ R g Rg R? Rg (3) 

where: 

Ptc - probability of mission success 
R 1 - R g - reliability of each block 

Since all major components for both elevation and angle control are in series, 
equations 2 and 3 can be simplified to determine the reliability. The individual 
failure rates are added to determine the total failure rate for the system. For 
elevation control, the failure rate is 951.6 failures/10^ hours and for angle 
control, the failure rate of 116.7 failures/10^ hours. By solving the expression 
e-At where A is the failure rate and t the mission time, the reliability is 
determined. 

The failure rate (a) for each block is determined by performing a part stress 
analysis on the components, subassemblies, assemblies and units that comprise each 
block. The techniques and methods used are discussed in paragraph 4, Predicted MTBF 
The computation of the individual failure rates are also performed in paragraph 4. 
Each failure rate is annotated on the block. 







The two mission times used were for 20 hours and for 600 hours (30 missions 
times 20 hours). 

The computations using each of these mission times for each control system 
are shown below each reliability block diagram. 


3. Failure Modes and Effects Analysis (FMEA) 

A FMEA was performed on both the elevation and tilt controls. The FMEA 
evaluates the reliability of the design by postulating probable failure symptoms 
(modes) and determining the resulting effects of that failure. In addition, the 
basic cause of each failure and the design recommendations to circumvent or mitigate 
each are provided. 

MIL-STD-1629 provided the basic format for the report. 

A thorough understanding of the basic design and operation of the automatic 
control system is a prerequisite to conducting the system-level FMEA. The functional 
flow diagram and supporting system description in Section 1 provides the basis for 
the FMEA. 

In performing the system-level FMEA and compiling the results on the attached 
worksheet, the following criteria were used. Each area discussed below refers to 
the identical column on the worksheet. 

(1) Output Specification/Functional Description 

General subsystem requirements were used to provide the output specification 
functional description for the system being analyzed. 

(2) Failure Symptom 

A serial number is provided for identification of the failure symptom and 
possible cause. The numbers are assigned sequentially. The failure symptom 
description indicates the different ways in which each output specification, 
or functional description deviates from the required performance. 

(3) Possible Causes 

This is the possible cause associated with each postulated failure symptom 
identified in 2. 

(4) Failure Detection Method 

The failure detection method is used to describe the features that are 
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incorporated in the design through which occurrence of a failure mode is 
recognized. The word none indicates that there is no direct or indirect 
method of failure detection. 

(5) Effect of Failure 

The effect of failure will be the consequences of each assumed failure 
symptom on the operation, function, and/or status of the system being 
analyzed. The effect of failure describes the results of the failure 
symptom on the system being evaluated. 

(6) Existing Compensation Provision 

An existing compensation provision is an integral part of the design that 
either circumvents or mitigates the effect of the postulated failure. 
Compensating provisions include redundant items that allow continued and 
safe operation if one or more items fail, alternate modes of operation, and 
safety or relief devices. 

(7) Classification of Failure 

The following failure definitions were provided in the Statement of Work. 

(a) Level 1 Minor .(Negligible) Failure mode characterized by the 
following condition: 

(1) The automatic control system is more difficult to operate. 

(b) Level 2 Major . (Maginal) Failure mode characterized by the following 
condition: 

(1) The automatic blade tilt control inoperative. 

(c) Level 3 Critical . Failure mode characterized by the following 
condition: 

(1) The automatic elevation control system is inoperative. 

(d) Level 4 Catastropic. Failure mode characterized by the following 
condition: 

(1) Complete machine is inoperative. 
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(8) Failure Probability 

Failure probability is provided for each possible cause for all postu¬ 
lated, identified failure symptoms. Failure probabilities are based on 
the complexity of the equipment, usage and application within the sub¬ 
system, and historial data. Generic terms such as very low, low, medium 
and high are used to describe each failure probability. 

(9) Remarks 

Recommended improvements are provided to either reduce the classifi¬ 
cation of failure or provide optimum compensating provision or to 
improve maintenance and operation procedures. 

A FMEA has been performed on both the elevation and tilt control system. 
The results of the FMEA are contained on the following worksheets. 
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. Predicted Mean Time Between Failures (MTBF ) 

To evaluate the design of the earthmover automatic blade control system for 
reliability aspects, the failure rate (.\) or MTBF (= 1/x) for each item (i.e. compon¬ 
ent, subassembly, assembly or unit) that comprise the system is required. 

The MTBF or failure rate can be computed or determined in different ways. For 
equipments that have been in use for some time, actual data can be used to provide 
the failure rate data. For equipment that is new in design and has not been used 
extensively in the field, a part stress analysis (i.e. prediction technique) pro¬ 
vides the best estimate of failure rate. The technique chosen for the blade 
control system was performing a part stress analysis. MIL-HDBK-217C and RADC 
TR-75-22 provides basic failure rates for individual components, subassemblies, 
assemblies and units that comprise the control system. MIL-HDBK-217C was used 
for all other electronic items. RADC TR-75-22 was used for all other items. Assumi 
a 50% electrical stress on all components and ambient temperature of 44°C basic 
failure rates were extracted from tables in the above two references. These basic 
failure rates were multiplied by environmental and operational factors for each 
component within an assembly or unit. The failure rate of the assembly or unit 
was determined by adding all of the individual failure rates. The attached work¬ 
sheet shows the basic component failure rate, application (environmental) modifiers 
and source of failure rates (remarks column) for each component that comprise the 
earthmover automatic blade control system. These are operational failure rates. 
That is, when the equipment is being operated. 


21 





















FAILURES PER 10° HOUR 









5. Test Regime 

In accordance with MIL-STD-781C, a fixed length test plan provides the best 
estimate of true MTBF and provides the means to determine if the reliability 
requirements have been met. The predicted MTBF is 936 hours and is considered 
an average value and an estimate of the true value. With application of 
confidence limit or confidence interval, a measure of the closeness of the 
estimate to the true value is determined. The majority of the individual test 
times to failure of the components used in the blade control system are 
exponentially distributed and calculations of confidence limits are based on 
chi-square distribution. 

Assuming that the predicted value, MTBF=936 hours, is what is required, this 
value establishes the lower one-sided MTBF requirements. Using the chi-square 
distribution, for 90 per cent confidence, the equipment must be tested for the 
following hours with associated failures. 

0 Failure - 2155 hours 

1 Failure - 2155 hours 

2 Failures- 3640 hours 

Testing is expensive, therefore it's desirable to minimize the amount of 
testing required and still ensure a reliable product. 

Assuming that the predicted MTBF of 936 hours is what is required and is the 
time duration for testing; zero failures would produce a 90 per cent confidence 
that the MTBF will be 406.5 hours. 

The operational profile allows for one hour of corrective maintenance per 
day. The majority of failures (laser transitter and receiver) are easily 
replaceable within the one hour time limit. In addition, an adequate supply 
of spare parts would ensure that the majority of all failures be easily corrected 
within one hour. Therefore, it is recommended that the automatic blade control 
system be tested for 936 hours without failures to ensure a 90% confidence that 
the MTBF will be at least 406.5 hours. 
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APPENDIX A OPERATIONAL LIFE PROFILE 


The following anticipated operational life profile for the automatic blade 
control system is: 

1. Warehouse storage; - 50°C to +72°C for two years and no maintenance. 

2. Transporation; - 50°C to +72°C, 6g shock, maintenance consists of only 
that required to acquire operational stature at delivery. 

3. Mission time - 20 hours, outside environment, - 50°C to +44°C, light 
rain/snow and fog to clear and sunny , 4 hours for .scheduled maintenance 
per day, 1 hour per day for corrective maintenance. 

4. Mission repeats every 24 hours for 30 missions total. 










APPENDIX B TASKS 


1. Task 1 . Establish the most cost-effective reliability and maintainability 
requirements to meet availability probabilities to 90 to 95% for operational 
availability and 85% for storage availability of the complete automatic blade 
control system. 

2. Task 2 . Produce a functional block diagram of the automatic blade control 
system. 

3. Task 3 . Produce a reliability block diagram and mathematical model of the 
automatice blade control system. 

4. Task 4 . Develop a failure modes and effects analysis (FMEA) for the automatic 
blade control system. 

5. Task 5 . Formulate predicted MTBF for the automatic blade control system. 

6. Task 6 . Use the predicted MTBFs in the mathematical model to evaluate the 
the probabilities of successfully meeting the requirements of the operational 
life profile. 

7. Task 7 . Develop test regime to validate both operational and storage MTBFs. 
Provide a range of options in terms of lower MTBF confidence level, number 
of units, number of failures, and total test time anticipated. Include at 
least one test plan that is the most cost effective in compliance with 
MIL-STD-781C and MIL-STD-471A for the demonstration and verification of 
reliability and maintainability. 

8. Task 8 . Submit four (4) copies of a progress report by the fifteenth (15th) 
day of each month after contract award for the duration of the contract. The 
progress report shall be inexpensively prepared in the form of a letter and 
shall include a brief statement of the following: 

a. Confirmation of any agreements or understandings reached as a result 
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of technical meetings or discussions with Government technical personnel. 

b. Work accomplished during the reporting period. 

c. Special problems encountered and unsolved. 

d. Percentage of work completed on each task. 

e. Plans for the following month. 

9. Task 9 . Submit one (1) original and five (5) copies of a report documenting 
the results of the efforts. This report shall clearly summarize all work 
performed and shall contain the following information: 

a. Table of Contents 

b. Brief summary of all work done, including that yielding negative 
results or positive results not used. All information shall be discussed 
in detail. 

c. The body of the report shall describe all work done under the 
contract, as applicable. 

d. Discussion of results, conclusions and recommendations. 







APPENDIX C 

HYDRAULIC/ELECTRICAL SCHEMATICS 

REFERENCE MATERIAL 
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Figure 4.3.3. System Three: solenoid actuated open-center control circuit, pilot 

pressurized with in-line check valve (phantom line encloses machine’s 
original components, i.e., manual controls, pump, filter and reservoir). 







APPENDIX D 

DEEP STORAGE 
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A storage reliability prediction was performed on the elevation and tilt 
control. RADC LC-78-1 Storage Reliability provided the basic part failure rates. 
The following is the results of the storage prediction. 


A. Elevation Control 



Component 

Qty. 

Failure Rate 

Reference 




10-9 Hours 

RADC LC-78-1 

1 . 

12 V Battery 

1 


2-22 

2. 

Laser transmitter 

1 

TBD 

2-29 

3. 

Laser receiver 

1 

342.4 

2-18 

4. 

Mast Mojor 

1 

34.4 

2-20 

5. 

Amplifier 

1 

245.6 

2-10 to 2-18 

6. 

Pre-amplifier 

1 

61.9 

2-10 to 2-18 

7. 

Indicator & Controls 

1 

191.7 

2-18, 2-20 

8. 

Manifold 

1 

— 


9. 

Check valve 

1 

22.9 


10. 

Solenoid 

1 

8.53 


11. 

Accumulator 

1 

32.6 


12. 

Adjustable restrictor 

2 

11.10 





Z = 951.13 


B. 

Tilt Control 





Component 

Qty. 

Failure Rate 

Reference 




10-9 Hours 

RADC LC-78-1 

1 . 

Tile angle sensor 

1 

60.0 

Estimate 

2. 

Amplifier 

1 

245.6 

2-10 to 2-10 

3. 

Controls & Indicators 

1 

191.7 

2-18, 2-20 

4. 

Manifold 

1 

— 


5. 

Solenoid valve 

1 

8.53 

2-26 

6. 

Check valve 

1 

22.9 

2-26 

7. 

Accumulator 

1 

32.6 

2-22 

8. 

Adjustable restrictor 

2 

11.] 

2-26 


E * 572.43 


After two years of storage the probability of the elevation and tilt controls 
operating are determined by solving the equation R = e-At where A is the above 
failure rates and t is 2 years. 

R elevation - e - (951.31)(10-9)(17520) 

= .98347 

R tilt * e - (572.43)(10-9) (17520) 

- .99002 
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